bugzilla-daemon at mindrot.org
2025-Jun-02 17:33 UTC
[Bug 3833] New: Setting User with a wildcard Host doesn't work correctly with ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3833 Bug ID: 3833 Summary: Setting User with a wildcard Host doesn't work correctly with ProxyJump Product: Portable OpenSSH Version: -current Hardware: All OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: marc.a.sarrel at jpl.nasa.gov I need to log in to HostB with account UserB. The routing is set up so that I must hop through Host A with account UserA. I'm using forwarding SSH keys with the ssh-agent on my Mac. I have a config file like this on my local Mac: Host * User UserA Host HostA ... Host HostB User UserB ProxyJump HostA And this config file on HostA: Host * User UserA Host HostB User UserB This fails when I type "ssh HostB" on my Mac. It prompts me for the password for UserA on HostB. If I type "ssh HostA" on my Mac, then type "ssh HostB" on HostA, everything works as expected and I log in without typing any passwords or pass phrases. If I change the config file on my Mac to this: Host * ... Host HostA User UserA Host HostB User UserB ProxyJump HostA I can type "ssh HostB" on my Mac and everything works correctly again. But, this is really inconvenient. It means I have to have a bunch more User lines in my config file than I should need. I want the first config file above to work properly with ProxyJump. I should be able to specify a global default user name this way, and then override it only as needed, even if I'm using ProxyJump. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Jun-02 20:33 UTC
[Bug 3833] Setting User with a wildcard Host doesn't work correctly with ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3833 --- Comment #1 from Marc Sarrel <marc.a.sarrel at jpl.nasa.gov> --- The above presumes that I use UserA for almost all of the hosts in my config file, and that only one or two machines are exceptions. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Jun-03 11:58 UTC
[Bug 3833] Setting User with a wildcard Host doesn't work correctly with ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3833 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at dtucker.net --- Comment #2 from Darren Tucker <dtucker at dtucker.net> --- The config file parsing is first-match for each config keyword. You want overrides at the top and defaults at the bottom, so something like Host HostA ... Host HostB User UserB ProxyJump HostA Host * User UserA (In reply to Marc Sarrel from comment #0) [...]> And this config file on HostA:Because you're using ProxyJump, the configuration on HostA is not used in this scenario. The local client makes a request to HostA, then makes a second request via HostA using a port forwarding request. In both cases the config on the local client (the Mac) is used. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2025-Jun-03 18:19 UTC
[Bug 3833] Setting User with a wildcard Host doesn't work correctly with ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3833 --- Comment #3 from Marc Sarrel <marc.a.sarrel at jpl.nasa.gov> --- Thank you. That works! I still wish the order of lines in the file doesn't matter, but I can make this work for me. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Jun-04 02:37 UTC
[Bug 3833] Setting User with a wildcard Host doesn't work correctly with ProxyJump
https://bugzilla.mindrot.org/show_bug.cgi?id=3833 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WORKSFORME Status|NEW |RESOLVED --- Comment #4 from Darren Tucker <dtucker at dtucker.net> --- It's always worked this way. Quoting ssh_config(5): Unless noted otherwise, for each parameter, the first obtained value will be used. The configuration files contain sections separated by Host specifications, and that section is only applied for hosts that match one of the patterns given in the specification. The matched host name is usually the one given on the command line (see the CanonicalizeHostname option for exceptions). Since the first obtained value for each parameter is used, more host- specific declarations should be given near the beginning of the file, and general defaults at the end. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.